[Dovecot] Dovecot SSL-Certificate

Magnus Holmgren holmgren at lysator.liu.se
Mon Feb 21 04:12:17 EET 2005


Adam Pordzik wrote:
> Hello,
> 
> I've a not really dovecot specific problem with my certificate. Since 
> the OpenSSL documentation isn't what I expect to be at least good, I 
> hope someone here can give me a hint how/where fo fix it; I've created a 
> root-Certificate with almost untouched openssl.cnf and issued a 
> server-certificate for dovecot. This cert and it's key I placed in 
> somewhat like /var/dovecot. To state explicitly, away from it's superior 
> root-cert.
> 
> So, a:
> 
> openssl s_client -connect server.tektoform.lan:993 -showcerts
> 
> ends up in:
> 
> unable to get local issuer certificate.
> 
> Althougt connections from clients are working, I prefer to set it up 
> cleanly. Does openssl-clientlib looks up for openssl.cnf, where the 
> place of root-CA-cert is denoted, or do I have to put all cert together 
> in a single directory, or, or, or ...?
> 

If you have clients using OpenSSL, libssl will look for root 
certificates by looking for a file named <hash>.0 in the certs directory 
(/etc/ssl/certs on Debian), where <hash> is the string you get if you 
pass the certificate to "openssl x509 -hash" (see x509(1ssl)). 
Typically, you create a symlink by that name to the more readably-named 
certificate file.

I hope that helps!

-- 
Magnus Holmgren
Linköping, Sweden


More information about the dovecot mailing list